MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5384ccb0b269d6a8f231c81ae63d7b2107b070f3350fef89058dc8c0c4f70341. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



GuLoader


Vendor detections: 2



SHA256 hash: 5384ccb0b269d6a8f231c81ae63d7b2107b070f3350fef89058dc8c0c4f70341
SHA3-384 hash: 439a847ca574adbc623f7d8d33c516af5e7843461272405ab1dd272371c161cbb788e585af72d2783bb4e40f2f2b2275
SHA1 hash: 40dff2f4beed4da9a35cc9d947b6b92e32fb09e2
MD5 hash: c8a19b4ad834d97b564e72ce7a6d7349
humanhash: autumn-mockingbird-item-washington
File name: gmb.img
Signature: GuLoader
File size: 1'245'184 bytes
First seen: 2020-05-27 17:29:21 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 768:koaX49f56sBf/sXEGEKQmAUGklQWVGouk9guPlrahjqAOAEqJd5v8rGAO:kszVUNEmAuGWAq9rBahtOAXj
TLSH: 9E45190B79D08C72E9368B7258B08A921D63EC762E204F3B364D776D5F761C91EB035A
Reporter: abuse_ch
Tags: GuLoader img


abuse_ch
Malspam distributing GuLoader:

HELO: 134-0-117-239.ovz.vps.regruhosting.ru
Sending IP: 134.0.117.239
From: Alex <sale@findmiphone.pw>
Subject: Purchase Order 2003161-0 #NEW STOCK
Attachment: gmb.img (contains "GMPO20200527.exe")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1ABctU6Q-tBlM6TE0L698xIUiF7b8Ky2_

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 17:36:50 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: GuLoader, img 5384ccb0b269d6a8f231c81ae63d7b2107b070f3350fef89058dc8c0c4f70341 (this sample)
Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments